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Abstract. The symmetric A/i-calculus is the A/i-calculus introduced by 
Parigot in which the reduction rule y! , which is the symmetric of /i, is added. 
We give arithmetical proofs of some strong normalization results for this cal- 
culus. We show (this is a new result) that the /^'-reduction is strongly nor- 
malizing for the un-typed calculus. We also show the strong normalization 
' of the /^//-reduction for the typed calculus: this was already known but 

, the previous proofs use candidates of reducibility where the interpretation 

of a type was defined as the fix point of some increasing operator and thus, 
were highly non arithmetical. 
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1 Introduction 



Since it has been understood that the Curry-Howard isomorphism relating proofs 
and programs can be extended to classical logic, various systems have been in- 
troduced: the A c -calculus (Krivine [12]), the Aexn-calculus (de Groote [6]), the 
A/i-calculus (Parigot [18]), the A Sym -calculus (Barbanera & Berardi [1]), the Xa- 
calculus (Rehof & Sorensen [24]), the A/i/2-calculus (Curien & Herbelin [3]), ... 
The first calculus which respects the intrinsic symmetry of classical logic is X ym . 
0^ . It is somehow different from the previous calculi since the main connector is not the 

arrow as usual but the connectors or and and. The symmetry of the calculus comes 
from the de Morgan laws. 

The second calculus respecting this symmetry has been Xfj.fl. The logical part is 
the (classical) sequent calculus instead of natural deduction. 

Natural deduction is not, intrinsically, symmetric but Parigot has introduced 
the so called Free deduction [17] which is completely symmetric. The A/i-calculus 
comes from there. To get a confluent calculus he had, in his terminology, to fix the 
inputs on the left. To keep the symmetry, it is enough to keep the same terms and 
to add a new reduction rule (called the //-reduction) which is the symmetric rule 
of the /t-reduction and also corresponds to the elimination of a cut. We get then a 
symmetric calculus that is called the symmetric A/i- calculus. 

The //-reduction has been considered by Parigot for the following reasons. The 
A/x-calculus (with the /3-reduction and the /^-reduction) has good properties : con- 
fluence in the un-typed version, subject reduction and strong normalization in the 
typed calculus. But this system has, from a computer science point of view, a draw- 
back: the unicity of the representation of data is lost. It is known that, in the 
A-calculus, any term of type N (the usual type for the integers) is /3-equivalent to 
a Church integer. This no more true in the A/x-calculus and we can find normal 
terms of type N that are not Church integers. Parigot has remarked that by adding 
the //-reduction and some simplification rules the unicity of the representation of 
data is recovered and subject reduction is preserved, at least for the simply typed 
system, even though the confluence is lost. 



Barbanera & Berardi proved the strong normalization of the A Ss,m -calculus by 
using candidates of reducibility but, unlike the usual construction (for example for 
Girard's system F), the definition of the interpretation of a type needs a rather 
complex fix-point operation. Yamagata [25] has used the same technic to prove 
the strong normalization of the symmetric A^i-calculus where the types are those 
of system F and Parigot, again using the same ideas, has extended Barbanera & 
Berardi's result to a logic with second order quantification. These proofs are thus 
highly non arithmetical. 

We consider here the A/^,-calculus with the rules f3, /i and fj,' . It was known that, 
for the un- typed calculus, the /i-reduction is strongly normalizing (see [23]) but the 
strong normalization of the /^//-reduction for the un-typed calculus was an open 
problem raised long ago by Parigot. We give here a proof of this result. Studying 
this reduction by itself is interesting since a /i (or //)-reduction can be seen as a way 
"to put the arguments of the \i where they are used" and it is useful to know that 
this is terminating. We also give an arithmetical proof of the strong normalization 
of the /^//-reduction for the simply typed calculus. We finally show (this is also a 
new result) that, in the un-typed calculus, if Mi,...,M n are strongly normalizing 
for the /^//-reduction, then so is (x Mi ... M n ). 

The proofs of strong normalization that are given here are extensions of the ones 
given by the first author for the simply typed A-calculus. This proof can be found 
either in [7] (where it appears among many other things) or as a simple unpublished 
note on the web page of the first author (www.lama.univ-savoie.fr/~david ). 

The same proofs can be done for the A/z/i-calculus and these proofs are, in 
fact, much simpler for this calculus since some difficult problems that appear in 
the A/U-calculus do not appear in the A/^,/i-calculus: this is mainly due to the fact 
that, in the latter, there is a right-hand side and a left-hand side (the terms and 
the environments) whereas, in the A/x-calculus, this distinction is impossible since 
a term on the right of an application can go on the left of an application after 
some reductions. The proof of the strong normalization of the /u/i-reduction can 
be found in [22]. The proof is done (by using candidates of reducibility and a fix 
point operator) for a typed calculus but, in fact, since the type system is such 
that every term is typable, the result is valid for every term. A proof of the strong 
normalization of the A/i/i-typed calculus (again using candidates of reducibility and 
a fix point operator) can also be found there. Due to the lack of space, we do not 
give our proofs of these results here but they will appear in [11]. 

The paper is organized as follows. In section 2 we give the syntax of the terms 
and the reduction rules. An arithmetical proof of strong normalization is given 
in section 3 for the /z/u'-reduction of the un-typed calculus and, in section 4, for 
the /?/i//-reduction of the simply typed calculus. In section 5, we give an example 
showing that the proofs of strong normalization using candidates of reducibility 
must somehow be different from the usual ones and we show that, in the un-typed 
calculus, if Mi, ...,M n are strongly normalizing for the /3/z//-reduction, then so is 
(x Mi... M n ). We conclude with some future work. 

2 The symmetric A/x-calculus 
2.1 The un-typed calculus 

The set (denoted as T) of A^-terms or simply terms is defined by the following 
grammar where x,y, ... are A-variables and a, (3, ... are /i-variables: 

T::=x\ XxT \{TT)\ \iolT \ (a T) 



Note that we adopt here a more liberal syntax (also called de Groote's calculus) 
than in the original calculus since we do not ask that a \mx is immediately followed 
by a (fi M) (denoted [0\M in Parigot's notation). 



Definition 1. Let M be a term. 

1. cxty(M) is the number of symbols occurring in M. 

2. We denote by N < M (resp. N < M) the fact that TV is a sub-term (resp. a 
strict sub-term) of M. 

3. If ~P is a sequence Pi, P n of terms, (M ~P) will denote (M Pi ... P n ). 

2.2 The typed calculus 

The types are those of the simply typed A^i-calculus i.e. are built from atomic 
formulas and the constant symbol _L with the connector — >. As usual —>A is an 
abbreviation for A — >_L. 

The typing rules are given by figure 1 below where r is a context, i.e. a set of 
declarations of the form x : A and a : ->A where x is a A (or intuitionistic) variable, 
«isa/i (or classical) variable and A is a formula. 

ax 



r,x : Ah x : A 
r,x: Ah M : B r h M : A B r h N : A 



r h XxM : A^ B 1 T h (M N) : B 

r, a : A h M : _L r,a : ^Ah M : A 

r h fj,aM : A e T, a : -A h (a M) : _L 1 

Figure 1. 

Note that, here, we also have changed Parigot's notation but these typing rules 
are those of his classical natural deduction. Instead of writing 

M: (Af ,..,^» \-B,C?\...,C%r) 

we have written 

x\ : A\, ...,x n : A n , a\ : -1C1, a m : ~^C m h M : B 
Definition 2. Let A be a type. We denote by lg(A) the number of arrows in A. 

2.3 The reduction rules 

The cut-elimination procedure (on the logical side) corresponds to the reduction 
rules (on the terms) given below. There are three kinds of cuts. 

— A logical cut occurs when the introduction of the connective — ► is immediately 
followed by its elimination. The corresponding reduction rule (denoted by (3) is: 

(XxM N)>M[x := N] 

— A classical cut occurs when _L e appears as the left premiss of a — > e . The corre- 
sponding reduction rule (denoted by /u) is: 

[piaM N) > naM[a = r N] 

where M[a = r N] is obtained by replacing each sub-term of M of the form 
(a U) by (a (U Nj). This substitution is called a /x-substitution. 



— A symmetric classical cut occurs when _L e appears as the right premiss of a — > e . 
The corresponding reduction rule (denoted by //) is: 

(M fiaN) > /iaiV[a =; M] 

where JV[a =; M] is obtained by replacing each sub-term of N of the form (a U) 
by (a (M U)). This substitution is called a //-substitution. 

Remarks 

1. It is shown in [18] that the /3/i-reduction is confluent but neither nor /?// is. 
For example {[ictx n(3y) reduces both to fiax and to n(3y. Similarly (Xzx fi(3y) 
reduces both to x and to \x(iy. 

2. The reductions on terms correspond to the elimination of cuts on the proofs. 

— The /^-reduction is the usual one. 

— The ^-reduction is as follows. If M corresponds to a proof of _L assuming 
a : -*(A — ► B) and N corresponds to a proof of A, then M[a = r N] 
corresponds to the proof M of 1 assuming a : ->B but where, each time we 
used the hypothesis a : ->{A — ► B) with a proof U of A — > B to get _L, we 
replace this by the following proof of _L. Use U and N to get a proof of B 
and then a : -*B to get a proof of _L. 

— Similarly the //-reduction is as follows. If N corresponds to a proof of _L 
assuming a : ^A and M corresponds to a proof of A — > B, then N[a =i M] 
corresponds to the proof N of _L assuming a : ->B but where, each time we 
used the hypothesis a : ->A with a proof U of A to get J_, we replace this by 
the following proof of _L. Use U and M to get a proof of B and then a : ->B 
to get a proof of J_. 

3. Unlike for a /3-substitution where, in M\x := N], the variable x has disappeared 
it is important to note that, in a fi or ^'-substitution, the variable a has not 
disappeared. Moreover its type has changed. If the type of N is A and, in M, 
the type of a is ->(A —> B) it becomes ->B in M[a — r N]. If the type of M is 
A^f B and, in N, the type of a is ~^A it becomes ->B in N [a =; M\. 



In the next sections we will study various reductions : the /x/x'-reduction in sec- 
tion 3 and the /3^/u'-reduction in sections 4, 5. The following notions will correspond 
to these reductions. 

Definition 3. Let > be a notion of reduction and M be a term. 

1. The transitive (resp. reflexive and transitive) closure of > is denoted by > + (resp. 

>*). 

2. If M is in SN i.e. M has no infinite reduction, r/(M) will denote the length of 
the longest reduction starting from M and rjc(M) will denote (ry(M), cxty(M)). 

3. We denote by N -< M the fact that N < M' for some M' such that M >* M' 
and either M > + M' or N < M' . We denote by < the reflexive closure of -<. 

Remarks 

- It is easy to check that the relation < is transitive and that TV X M iff N < M' 
for some M' such that M >* M'. 

- If M e SN and N ~< M, then N E SN and r]c{N) < r]c(M). It follows that 
the relation ^ is an order on the set SN. 

- Many proofs will be done by induction on some fc-uplet of integers. In this case 
the order we consider is the lexicographic order. 



3 The /x/V-reduction is strongly normalizing 



In this section we consider the /^//-reduction, i.e. M > M' means M' is obtained 
from M by one step of the ^//-reduction. The main points of the proof of the strong 
normalization of (ill' are the following. 

- We first show (cf. lemma 6) that a /i or //-substitution cannot create a [i. 

- It is easy to show (see lemma 8) that if M G SN but M[a] g" SN where a is a /i 
or //-substitution, there are an a in the domain of a and some M' -< M such that 
M'[a] G SN and (say a is a ^-substitution) (M'[a] a(a)) g SN. This is sufficient to 
give a simple proof of the strongly normalization of the /i-rcduction. But this is not 
enough to do a proof of the strongly normalization of the /i//-reduction. We need 
a stronger (and more difficult) version of this: lemma 9 ensure that, if M[a] G SN 
but M[cr][a = r P] $ SN then the real cause of non SN is, in some sense, [a = r P]. 

- Having these results, we show, essentially by induction on r/c(M) + 7/c(TV), that 
if M,N G SN then (M N) G SN. The point is that there is, in fact, no deep 
interactions between M and N i.e. in a reduct of (M N) we always know what is 
coming from M and what is coming from N . 

Definition 4. — The set of simultaneous substitutions of the form \a\ = S1 Pi 
a n —s n Pn] where Sj G {l,f} will be denoted by U. 

— For s G {l,r}, the set of simultaneous substitutions of the form [ai = s Pi 
...a n —s P n ] will be denoted by S s . 

— If a = [a\ = Sl Pi a„ — Sn P n ], we denote by dom(a) (resp. Im(aj) the set 
{ai, a n } (resp. {Pi, P n } ). 

— Let cr e S. We say that a e 5iV iff for every AT € Im(cr), TV G 5"iV. 

Lemma 5. 7/ (M TV) >* fiaP, then either M >* fiaMx and Mi [a = r N] \>* P or 
N >* fiaNx and N x [a =i M] >* P. 

Proof By induction on the length of the reduction (M N) >* [ictP . □ 

Lemma 6. Let M be a term and a G S. If M[a] >* [iaP , then A7[>* /iaQ for some 
Q such that Q[o~] >* P. 

Proof By induction on M . M cannot be of the form ((3 M') or Ax M'. If M begins 
with a ix, the result is trivial. Otherwise M = (Mi M 2 ) and, by lemma 5, either 
Mi [a] >* LiaR and R[a = r M 2 [a]} >* P or M 2 [a] >* fiaR and R[a =i M x [a]] >* P. Look 
at the first case (the other one is similar) . By the induction hypothesis Mi >* fiaQ for 
some Q such that Q[a] >* R and thus Mt>* fj,aQ[a — r M 2 ]. Since Q[a — r M 2 ][a] = 
Q[a][a = r M 2 [a]\ >* R[a = r M 2 [a}} >* P we arc done. □ 

Lemma 7. Assume M, TV G SN and (M TV) g SN. Then either M >* iiaM x and 
Mi [a = r N] (£SNorN >* ll[3N 1 and TVi[/3 =, M]^SN. 

Proof By induction on r/(M) + »j(TV). Since (M TV) g 5TV, (M TV) > P for some 
P such that P ^ 5TV. If P = (M' TV) where M > M' we conclude by the induction 
hypothesis since r?(M') + r/(TV) < ry(M) + r/(TV). If P = (M TV') where TV > N' 
the proof is similar. If M = \mxM\ and P = /iaMi[a = r TV] or TV = /z/3TVi and 
P = nf}Ni\f} =i M] the result is trivial. □ 

Lemma 8. 7ef M 6e term in SN and a G S s be in SN. Assume M[a] £ SN. Then, 
for some {a P) < M, P[a] G SN and, if s = I (resp. s = r), (a (a) P[a]) & SN 
(resp. (P[a]a(a)) <^SN). 

Proof We only prove the case s = I (the other one is similar). Let Mi ^ M be 
such that Mi [<r] g" SN and nc(Mi) is minimal. By the minimality, Mi cannot be 
AxM 2 or /ioM 2 . It cannot be either (TVi N 2 ) because otherwise, by the minimality, 
the TV[cr] would be in SN and thus, by lemma 7 and 6, we would have, for example, 



Ni t>* paN[ and -/V([<r][a = r N 2 [a]] = N[[a = r N 2 ][a] & SN but this contradicts 
the minimality of Mi since r](N{[a = r N 2 }) < v( M i)- Tncn M i = ( a p ) and the 
the minimality of Mi implies that P[a] G SN. □ 



Remark 

From these results it is easy to prove, by induction on the term, the strong nor- 
malization of the ^-reduction. It is enough to show that, if M, TV G SN, then 
(M N) G SN. Otherwise, we construct below a sequence (Mj) of terms and 
a sequence (cr,) of substitutions such that, for every i, ui has the form [ot\ = r 
N,...,a n = r N], M,[cr 4 ] £■ SN and M t+1 < M t <M. The sequence (MS) contra- 
dicts the fact that M G SN. Since (M N) ^ SN, by lemma 7, M >* p,a.M\ and 
Mi [a = r iV] SN. Assume we have constructed Mi and <7j. Since MSyaS\ $ SN, 
by lemma 8, there is M/ -< M 4 such that M/[cr 4 ] G SW and (M[[a\ N) £ SN. By 
lemmas 6 and 7, M[ >* /iaM 1+ i and M i+ i[<7i + a = r N] £ SN. 

In the remark above, the fact that (M N) £ SN gives an infinite /x-reduction 
in M. This not the same for the the /i/z'-reduction and, if we try to do the same, 
the substitutions we get are more complicated. In particular, it is not clear that 
we get an infinite sequence either of the form ... -< M 2 ~< Mi -< M or of the form 
... ~< N 2 -< N\ -< N. Lemma 9 below will give the answer since it will ensure that, 
at each step, we may assume that the cause of non SN is the last substitution. 

Lemma 9. Let M be a term and a G S s . Assume 6 is free in M but not free in 
Im(a). If M[a] G SN but M[a][S = s P] SN, there is M' < M and a 1 such that 
M'[a'\ G SN and, ifs = r, (M'[a'\ P) g" SN and, if 8 = I, (P M'[a'\) # SN. 

Proof Assume s = r (the other case is similar). Let Im(a) = {N±, Nk}. 
Assume M, 5, a, P satisfy the hypothesis. Let U = {U / U r< M} and V = {V / V ^ 
N for some i}. Define inductively the sets S m and S n of substitutions by the 
following rules: 

p G S m iff p = or p = p' + [f3 = r V{t\] for some V G V, r G S n and p' G S m 
t G S n iff T = or T = T ' + [ a =1 U[p]] for some U G U, p G S m and r' G E n 

Denote by C the conclusion of the lemma, i.e. there is M' -< M and a' such that 

M'[cr'] G SN, and (M'[a'] P) g SN. 

We prove something more general. 

(1) Let U G U and p G S m . Assume U[p] G SN and U[p}[6 = r P] <£ SN. Then, C 
holds. 

(2) Let V G V and r G r„. Assume V[t] G S'TV and F[r][J = r P] <£ SN. Then, C 
holds. 

The conclusion C follows from (1) with M and a. The properties (1) and (2) 
are proved by a simultaneous induction on r)c(U[p\) (for the first case) and 77c(V[t]) 
(for the second case). 

Look first at (1) 

- if U = XxU' or U — pall': the result follows from the induction hypothesis with 
V and p. 

-ifU= (Ut U 2 ): if Ui[p] [5 = r P] SN for i = 1 or i = 2, the result follows from the 
induction hypothesis with Ui and p. Otherwise, by lemma 6 and 7, say U\ >* p,aU' l 
and, letting U' = U[[a = r u 2 ], U'[p][5 = r P] SN and the result follows from the 
induction hypothesis with U' and p. 

- if U = (6 Ut): if Ui\p][6 = r P] G SN, then M' = Ui and a' = p[S = r P] satisfy 
the desired conclusion. Otherwise, the result follows from the induction hypothesis 
with Ui and p. 

- if U = (a U{): if a g dom(p) or ?7i[p][5 = r P] & SN, the result follows from 
the induction hypothesis with U\ and p. Otherwise, let p(a) = V[t\. If V^[r][5 = r 



P] SN, the result follows from the induction hypothesis with V and r (with (2)). 
Otherwise, by lemma 6 and 7, there are two cases to consider. 

- Ui >* pa x U 2 and U 2 [p'}[6 = r P] & SN where p' = p + [cm = r V[t}]. The result 
follows from the induction hypothesis with U 2 and p' . 

- V >* nfiVi and Vi[t'}[5 = r P] $ SN where t' = r + [(3 =1 Ui[p]\. The result 
follows from the induction hypothesis with V\ and r' (with (2)). 

The case (2) is proved in the same way. Note that, since S is not free in the AT*, 
the case b = (6 V\) does not appear. □ 

Theorem 10. Every term is in SN. 

Proof By induction on the term. It is enough to show that, if M, N £ SN, then 
(M N) £ SN. We prove something more general: let a (rcsp. r) be in S r (resp. 
Si) and assume M[<t],N[t] £ SN. Then (M[a] N[t]) £ SN. Assume it is not the 
case and choose some elements such that M[a], N[t] £ SN, [M[a] N[t]) $ SN and 
(??(M) + n(N),cxty(M) + cxty(N)) is minimal. By lemma 7, either M[a] t>* pSMi 
and Mi [5 = r N[r}] SN or N[t] >* ///3ATi and N^/3 =; M[a]} £ SN. Look at the 
first case (the other one is similar). By lemma 6, M>* p5M 2 for some M 2 such that 
M 2 [a] t>* Mi. Thus, M 2 [a][S = r N[t}} g SN. By lemma 9 with M 2 , a and N[t], let 
M 1 -< M 2 and a' be such that M'[a'\ £ SN, (M'[a'] N{t}) <£ SN. This contradicts 
the minimality of the chosen elements since r)c(M') < nc(M). □ 



4 The simply typed symmetric A/x-calculus is strongly 
normalizing 

In this section, we consider the simply typed calculus with the /?/i//-reduction i.e. 
M > M' means M' is obtained from M by one step of the /3/u^'-reduction. To 
prove the strong normalization of the /^//-reduction, it is enough to show that, 
if M, N £ SN, then M[x := N] also is in SN. This is done by induction on the 
type of A\ The proof very much looks like the one for the /^'-reduction and the 
induction on the type is used for the cases coming from a /3-reduction. The two new 
difficulties are the following. 

- A /3-substitution may create a p, i.e. the fact that M[x := N] >* paP does not 
imply that M >* paQ. Moreover the p may come from a complicated interaction 
between M and N and, in particular, the alternation between M and AT can be 
lost. Let e.g. M = (Mi (x (Xy 1 \y 2 paM 4 ) M 2 M 3 )) and A^ = Xz(z N^. Then 
M[x := N] >* (Mi (paMi M 3 )) >* paM' A [a = r M 3 ][a =1 Mi]. To deal with this 
situation, we need to consider some new kind of /i/i'-substitutions (see definition 
13). Lemma 16 gives the different ways in which a p may appear. The difficult case 
in the proof (when a p is created and the control between M and Af is lost) will be 
solved by using a typing argument. 

- The crucial lemma (lemma 18) is essentially the same as the one (lemma 9) for 
the /z/x'-reduction but, in its proof, some cases cannot be proved "by themselves" 
and we need an argument using the types. For this reason, its proof is done using 
the additional fact that we already know that, if M,N £ SN and the type of A^ 
is small, then M[x := N] also is in SN. Since the proof of lemma 19 is done by 
induction on the type, when we will use lemma 18, the additional hypothesis will 
be available. 

Lemma 11. 1. If (M N) >* XxP, then M t>* XyM\ and M x [y := N] t>* XxP. 
2. If (M N) t>* paP, then either (M >* AyMi and M x [y := AT] t>* paP) or (M >* 
paMi and Mi [a = r N] >* P) or (N >* paN x and N^a =1 M] >* P). 

Proof (1) is trivial. (2) is as in lemma 5. □ 



Lemma 12. Let M G SN and a = [x x := Ni, ...,x k := N k ]. Assume M[a] >* XyP. 
Then, either M >* AyPi and Pi [a] >* P or M >* ( Xi <J) and (N { Q\a\) >* XyP. 

Proof By induction on r/c(M). The only non immediate case is M = (R S). By 
lemma 11, there is a term Pi such that R[<r] >* XzRi and R\[z :— S[<r]] >* XyP. By 
the induction hypothesis (since rjc{R) < fyc(M)), we have two cases to consider. 

(1) Rt>* XzR 2 and R 2 [a] >* R 1 , then R 2 [z := S][a] >* XyP. By the induction 
hypothesis (since n(R 2 [z :— S]) < ry(M)), 

- either P 2 [z := S] t>* XyPi and P 1 [a] >* P ; but then Mo* AyPi and we are done. 

- or R 2 [z := S] >* (xi (J) and (Ni Q[cr}) >* XyP, then Mt>* (xi and again we 
are done. 

(2) P >* (xi (J) and (Ni Q\a\) >* XzR x . Then M t>* ( Xl C$ S) and the result is 
trivial. □ 



Definition 13. — An address is a finite list of symbols in {l,r}. The empty list 
is denoted by [] and, if a is an address and s £ {l,r}, [s :: a] denotes the list 
obtained by putting s at the beginning of a. 

— Let a be an address and M be a term. The sub-term of M at the address a 
(denoted as M a ) is defined recursively as follows : if M = (P Q) and a = [r :: b] 
(rcsp. a = [I :: 6]) then M a = Qb (resp. P&) and undefined otherwise. 

— Let M be a term and a be an address such that M a is defined. Then M(a = N) 
is the term M where the sub-term M a has been replaced by N. 

— Let M, N be some terms and a be an address such that M a is defined. Then 
N[a = a M] is the term N in which each sub-term of the form (a U) is replaced 
by (a M(a = U)). 

Remarks and examples 

- Let N = Xx(a Xy(x fi/3(a y))), M = (Mi (M 2 M 3 )) and a = [r :: /]. Then 
JV[a = a M] = Ax(a (Mi (Ay(x M /3(a (Mi (y M 3 )))) M 3 ))). 

- Let M = (P ((R (x T)) Q)) and a = [r :: I :: r :: I]. Then iV[a = Q M] = 
N[a = r T][a =i R][a = r Q][a = r P}. 

- Note that the sub-terms of a term having an address in the sense given above 
are those for which the path to the root consists only on applications (taking cither 
the left or right son). 

- Note that [a =m M] is not the same as [a =i M] but [a =i M] is the same 
as [a =[ r j (M N)} where N does not matter. More generally, the term N[a = a M] 
does not depend of M a . 

- Note that M(a = N) can be written as M'[x a :— N] where M' is the term M in 
which M a has been replaced by the fresh variable x a and thus (this will be used in the 
proof of lemma 19) if M a is a variable x, (a U)[a — a M] = (a M\[y := U[a = a M}]) 
where Mi is the term M in which the particular occurrence of x at the address a has 
been replaced by the fresh name y and the other occurrences of x remain unchanged. 

Lemma 14. Assume M,N e SN and (M N) £ SN. Then, either (M >* AyP 
and P[y := N] £ SN) or (M >* fiaP and P[a = r N] ^ SN) or (N >* ^iaP and 
P[a =i M] <^SN). 

Proof By induction on r?(M) + T)(N). □ 

In the rest of this section, we consider the typed calculus. To simplify the nota- 
tions, we do not write explicitly the type information but, when needed, we denote 
by type(M) the type of the term M. 



Lemma 15. If P h M : A and M >* N then P h N : A. 
Proof Straight forward. 



□ 



Lemma 16. Let n be an integer, M G SN, a = [xi := N\,...,Xk '■= Nk] where 
lg(type(Ni)) = n for each i. Assume M[a] >* paP. Then, 

1. either M >* paPi and Pjer] >* P 

2. or Mo* Q and, for some i, Ni>* paN- and N-[a = a Q[a]] >* P for some address 
a in Q such that Q a — Xi. 

3. or M >* Q, Q a [cr] >* paN' and N'[a = a Q[cr}] >* P for some address a in Q 
such that lg(type(Q a j) < n . 

Proof By induction on rjc(M). The only non immediate case is M = (R S). 
Since M[a] >* paP, the application (R[cr] S[a]) must be reduced. Thus there are 
three cases to consider. 

— It is reduced by a //-reduction, i.e. there is a term Si such that S[a] >* paSi 
and Si[a —i R[o~]] >* P. By the induction hypothesis: 

- either S>* paQ and Q[a]>* S 1 , then M>* paQ[a = t R] and Q[a =i R][cr]>* P. 

- or S >* Q and, for some i, Ni >* /J,aN!, Q a = Xi for some address a in Q and 
N![a = a Q[o-]] >* Si. Then M >* (R Q) = Q' and letting b = [r :: a] we have 
N<[a= b Q'[a]}>*P. 

- or S >* Q, Q a [v\ >* HceN' for some address a in Q such that lg(type(Q a j) < n 
and N'[a = a Q[a]] >* Si. Then M>* (R Q) = Q' and letting b = [r :: a] we have 
N'[a = b Q'[o-]} >* P and lg(type(Q'j,)) < n. 

— It is reduced by a /^-reduction. This case is similar to the previous one. 

— It is reduced by a /3-reduction, i.e. there is a term U such that R[a] >* XyU and 
U[y := S[a]] >* \iolP. By lemma 12, there are two cases to consider. 

- either R >* XyRi and Ri[a][y := S[a\] = Ri[y := S][a] >* fiaP. The result 
follows from the induction hypothesis sine rj{Ri[y := S]) < rj(M). 

- or Rt>* (xi Ri). Then Q = (xi R\ S) and a = [] satisfy the desired conclusion 
since then lg(type(Mj) < n. □ 

Definition 17. Let A be a type. We denote by Ea the set of substitutions of the 
form [an = 0l Mi, ...,a n — a „ M n ] where the type of the Ofj is ->A. 

Remark 

Since in such substitutions the type of the variables changes, when we consider 
the term N[a] where a e Sa, we mean that the type of the on is A in N i.e. before 
the substitution. Also note that considering N[a = a M] implies that the type of 
M a is A. 

Lemma 18. Let n be an integer and A be a type such that lg(A) — n. Let N,P be 
terms and r G Sa- Assume that, 

— for every M,N £ SN such that lg(type(N)) < n, M[x := N] e SN. 

— N[t] G SN but N[t][S = a P] £ SN. 

— S is free and has type ^A in N but S is not free in 7m(r). 

Then, there is N' -< N and t' G E a such that N'[t'} G SN and P(a = N'[t'}) 
SN. 

Proof Essentially as in lemma 9. Denote by (H) the first assumption i.e. for every 
M,N G SN such that lg(type(N)) < n, M[x := N] G SN. 

Let r = [ai = 01 M u ...,a n = Un M n ], U = {U / U < N} and V = {V / V * M t 
for some i}. Define inductively the sets U m and E n of substitutions by the following 
rules: 

p G E n iff p = or p = p' + [a = a V[a]] for some V G V, a G E m , p' G E n and 
a has type ~^A. 



a G £ m iff a = or a = a' + [x := U[p]] for some U G U, p G £ n , a' G £ m and 
a; has type A. 

Denote by C the conclusion of the lemma. We prove something more general. 

(1) Let U G U and p G £ n . Assume U[p] G SN and C/[p][(5 =„ P] SN. Then, C 
holds. 

(2) Let V G V and cr G 27 m . Assume V[a] G SW and V[a}[5 = a P] SJV. Then, C 
holds. 

The conclusion C follows from (1) with N and r. The properties (1) and (2) are 
proved by a simultaneous induction on rjc(U[p\) (for the first case) and T7c(V[r]) 
(for the second case). 

The proof is as in lemma 9. The new case to consider is, for V[a], when V = 
{ViV 2 )aMVi[j][8= a P]eSN. 

- Assume first the interaction between V\ and V 2 is a /3-reduction. If V\ >* XxV{, 
the result follows from the induction hypothesis with V{[x := V^cr]. Otherwise, by 
lemma 12, Vi t>* (x W). Let a(x) = U[p\. Then (U[p\ W[a}) >* XyQ and Q[y := 
V 2 [cr]] [6 = a P] SN. But, since the type of x is A, the type of y is less than A and 
since Q[S = a P] and V2[cr][(5 = a P] are in SN this contradicts (H). 

- Assume next the interaction between V\ and V 2 is a /x or ii'-reduction. We consider 
only the case /x (the other one is similar). If V± >* p,aV{, the result follows from the 
induction hypothesis with V{[a = r V<^\cr\. Otherwise, by lemma 16, there are two 
cases to consider. 

- Vi >* Q, Q c = x for some address c in Q and x G dom{a) 1 a(x) — U[p], 
U>* paUx and Ux[p][a = c Q[a]][a = r V 2 [cr}}[5 = a P] £ SN. Let V = {Q V 2 ) and 
b = I : : c. The result follows then from the induction hypothesis with U\ [p'\ where 
p' = p+[a= b V'[a}}. 

- V\ >*Q, <5c[cr][(5 = a P]>* paR for some address c in Q such that lg(type(Q c )) < 
n, R[a = c Q[a][8 =„ P]][a = r V 2 [a}[6 =„ P}} £ SN. Let V = (Q'V 2 ) where Q' 
is the same as Q but Q c has been replaced by a fresh variable y and b = I :: c. 
Then i?[a = & V'[a}[8 = a P]} SN. Let R' be such that R' -< R, R'[a = b 
V'[a][5 = a P]] & SN and r}c(R') is minimal. It is easy to check that R' = (a R"), 
R"[a = 6 V'[a][6 = a P}] G SN and V'[a'][8 = a P] # SN where a> = a + y := 
i?"[a = b V'[a]}. If yV]!' 5 =a P] & SN, we get the result by the induction hy- 
pothesis since rjc(V'[a}) < j]c(V[<t]). Otherwise this contradicts the assumption (H) 
since V'[a][6 = a P},R"[a = b V'[a}[5 = a P}} G SN, V'[a}[5 = a P][y := R"[a = b 
V'[<j][S = a P}}} & SN and the type of y is less than n. 

□ 

Lemma 19. If M,N & SN, then M[x := N] G SN. 

Proof We prove something a bit more general: let A be a type, M, N\, Nk be 
terms and t\, be substitutions in Ua- Assume that, for each i, N has type A 
and Ni[n\ G SN. Then M[xi := Ni[n}, x k := N k [T k }} G SN. This is proved by 
induction on (lg(A),r](M),cxty(M), £ r}{Ni),E cxty(Ni)) where, in S r){Ni) and 
£ cxty(Ni), we count each occurrence of the substituted variable. For example if 
k = 1 and x\ has n occurrences, £ f](Ni) = n.r](Ni). 

If M is Ay Mi or (a Mi) or pa.M\ or a variable, the result is trivial. Assume then 
that M = (Mi M 2 ). Let a = [xi := Ni[n}, x k := N k [T k }}. By the induction 
hypothesis, Mi[a], M 2 [a] G SN. By lemma 14 there are 3 cases to consider. 

- Mi [a] >* XyP and P[y := M 2 [cr]] ^ SN. By lemma 12, there are two cases to 
consider. 

• Mi >* XyQ and Q[a] t>* P. Then Q[y := Af 2 ][tr] = := M 2 [a}} t>* P[y := 

M 2 [cr]] and, since ry(Q[jy := M 2 ]) < rj(M), this contradicts the induction 
hypothesis. 



• Mi >* (Xi <?) and (Ni Q\a[) t>* AyP. Then, since the type of Ni is A, 
lg(type(y)) < lg(A). But P,M 2 [cr] £ SW and P[y := M 2 [cr]] SW. This 
contradicts the induction hypothesis. 

— Mi [a] >* \ictP and P[a = r M 2 [ct]] ^ SN. By lemma 16, there are three cases to 
consider. 

• Mi >* naQ and Q[a] >* P. Then, Q[a = r M 2 }[a] = Q[a][a = r M 2 [a]\ >* 
P[a = r M 2 [cr]] and, since r](Q[a = r M 2 ]) < rj(M), this contradicts the 
induction hypothesis. 

• Mi >* Q, Ni[ri] t>* [iaV and Q a = Xi for some address a in Q such that 
L'[a = a Q[a]] >* P and thus L'[a = b M'[a}} £ SN where b = (I :: a) and 
M' = (Q M 2 ). 

By lemma 6, N >* fiaL and L[n] o* L'. Thus, L[n][a = b M'[a]] £ SN. By 
lemma 18, there is L\ -< L and r' such that £i[r'] G S 1 ^ and M'[a](b = 
Li[t'\) £ SN. Let M" be M' where the variable Xi at the address b has 
been replaced by the fresh variable y and let o\ = a + y := Li[t'}. Then 
M"[cn] = M'[a](b = Li[t']) 5iV. 

If Mi >+ Q we get a contradiction from the induction hypothesis since 
7](M") < rj(M). Otherwise, M" is the same as M up to the change of name 
of a variable and o\ differs from a only at the address b. At this address, 
Xi was substituted in a by Ni[n) and in u\ by Li[t'] but f]c(L\) < rjc{Ni) 
and thus we get a contradiction from the induction hypothesis. 

• M>*Q, Q a [a]>* fiaL for some address a in Q such that lg(type(Q a )) < lg(A) 
and L[a = a Q[a}] >* P. Then, L[a = b M'[a]] SN where b = [I :: a] and 
M' = {QM 2 ). 

By lemma 18, there is an L' and t' such that L'[t'\ e SiV and M'[cr](6 = 
L'[t'\) SN. Let M" be M' where the variable x l at the address 6 has 
been replaced by the fresh variable y. Then M"[a][y := L'[t'}} = M'[a](b = 
L'[t'])^SN. 

But r}{M") < T](M) and cxty(M") < cxty(M) since, because of its type, Q a 
cannot be a variable and thus, by the induction hypothesis, M"[cr] € SN. 
Since M"[a][y := L'[t']] <£ SN and lg(type(L')) < lg{A), this contradicts 
the induction hypothesis. 

— M 2 [cr] >* [iaP and P[a —i Mi[a]] £ SN. This case is similar to the previous 
one. □ 



Theorem 20. Every typed term is in SN. 

Proof By induction on the term. It is enough to show that if M, N € SN, then 
(M N) <E SN. Since (M N) — (x y)[x := M][y := N] where x, y are fresh variables, 
the result follows by applying theorem 19 twice and the induction hypothesis. □ 

5 Why the usual candidates do not work ? 

In [21], the proof of the strong normalization of the A/^,-calculus is done by using 
the usual (i.e. defined without a fix-point operation) candidates of reducibility. This 
proof could be easily extended to the symmetric A^i-calculus if we knew the following 
properties for the un-typed calculus: 

1. If N and (M[x := N] ~P) are in SN, then so is (XxM N P*). 

2. If N and (M[a = r N] ~P) are in SN, then so is (/j,aM N ~P). 

3. If ~P are in SN, then so is (x ~P). 



These properties are easy to show for the /3^-reduction but they were not known 
for the /?/i//-reduction. 

The properties (1) and (2) are false. Here is a counter-example. Let Mo = 
Ax(x P 0) and M\ = Xx{x P 1) where = XxXyy, 1 = XxXyx, A = Xx(x x) 
and P = XxXyXz (y (z 10) (zO 1) Xdl A A). Let M = Xf{f (x Mi) (x M )), 
M' = Xf(f (/? Ax(x Mi)) {/3 Ax(x M ))) and N = (a Xz{a z)). Then, 

- M[x := [iaN] e SN but {XxM ^aN) £ SN. 

- M'[(i = r naN] e SN but (fj,/3M' fiaN) SN. 

This comes from the fact that (M M ) and (Mi Mi) are in SN but (Mi M ) 
and (Mo Mi) are not in SN. More details can be found in [10]. 

The third property is true and its proof is essentially the same as the one of the 
strong normalization of fifj . This comes from the fact that, since (x M\...M n ) never 
reduces to a A, there is no "dangerous" /3-reduction. In particular, the /3-reductions 
we have to consider in the proofs of the crucial lemmas, are uniquely those that 
appear in the reductions M < M' . We give this proof below. 

Lemma 21. The term (x Mi ... M n ) never reduces to a term of the form XyM. 
Proof By induction on n. Use lemma 11. □ 

Definition 22. — Let Mi, ...,M„ be terms and 1 < i < n. Then, the term M in 
which every sub-term of the form (a U) is replaced by (a (x Mi ... Mj_i U Mj + i 
... M n )) will be denoted by M[a =, (Mi ... M n )]. 

- We will denote by S x the set of simultaneous substitutions of the form [a\ =i 1 



These substitutions are special cases of the one dchncd in section 4 (see definition 
13). For example M[a = 2 (M x M 2 M 3 )] = M[a =i (x M x )] [a = r M 3 ] = M[a = a 
(x Mi M 2 M 3 )] where a = [I :: r]. 

Lemma 23. Assume (x Mi ... M„)>* \ictM . Then, there is an i such that M^>* fiaP 
and P[a =; (Mi ... M n )\ >* M. 

Proof By induction on n. 

- n = 1. By lemma 11, Mi >* iiaP and P[a =i x] = P[a =i (Mi)] >* M. 

- n > 2. Assume (x Mi ... M„„i M n ) \>* ^iaM. By lemmas 11 and 21, 

- either (x Mi ... M„_i) >* fiaN and N[a = r M„] >* M. By the induction 
hypothesis, there is an i such that Mi>* [ictP and P[a =j (Mi ... M n _i)]>*iV. Then 
P[a =i (Mi ... M„_! M n )\ = P[a =i (M 1 ... M n _i)][a = r M n }>* N[a = r M n }o*M. 

- or M n >*/j,aN and N [a =i (x M 1 ... M„_i)]>*M. Then 7V[a =j (x Mi ... M„_i)] 
= N[a =„ (Mi ... M n _! M„)] >* M. □ 

Lemma 24. Assume Mi,...,M„ G SW and (x Mi ... M„) ^ 5 AT. T/ien, t/iere is 
an I <i <n such that M t o* fia U and U[a =i (Mi ... M n )] SN. 

Proof Let k be the least such that (x Mi ... M fc _i) e SN and {x M x ... M k ) 
SN. By lemmas 14 and 21, 

- either M k >* \xa\J and U[a —i (x Mi ... M fe _i)] ^ SN. Then, i = k satisfies 
the desired property since U[a —k (Mi ... M„)] = [/[a =j (x Mi ... Mfc_i)][a = r 
M fc+ i]...[a = r M„]. 

- or (x Mi ... M fc _i) >* fiaP and P[a = r M fc ] ^ 57V. By lemma 23, let i < k - 1 
be such that that M 4 >* ^aC/ and f/[a =, (Mi ... M fc _i)] >* P. Then f/[a =j 
(Mi ... M„)] ^ 57V since U[a =i (M 1 ... M n )\ - U[a =i (M 1 ... M fc _i)][a = r 
M fc ] [a = r Mfc+i]...[a = r M„] reduces to P[a = r M k ][a = r M k+1 ]...[a = r M n ). □ 



{Ml ... Ml 



),..., a fc = ifc (Mf...M„ fe )] . 



Remark 



Lemma 25. Let M be a term and a £ S x . If M[a] >* paP (resp. M[a] >* XxP) , 
then M >* fiaQ (resp. M >* XxQ) for some Q such that Q[a] >* P. 

Proof As in lemma 6. □ 

Lemma 26. Let M be a term and a £ S x . Assume 8 is free in M but not free in 
Im(a). If M[a] £ SN but M[a}[5 =i (Pi...P n )} <£ SN, there is M' < M and a' 
such that M'[a'\ G SN and (x Pi...P t -i M'[a'} P i+1 ...P n ) SN. 
Proof As in lemma 9. □ 

Theorem 27. Assume Mi, ...,M n are in SN. Then (x Mi ... M n ) £ SN. 

Proof We prove a more general result: Let Mi, M n be terms and a\, a n be 
in E x . If Mi[cti], M n [a n ] £ SN, then (x Mi[cti] ... M n [a n ]) £ SN. The proof is 
done exactly as in theorem 10 using lemmas 24, 25 and 26. □ 



6 Future work 

— Parigot has introduced other simplification rules in the A^i-calculus. They are 
as follows : (a n(3M) M[[3 := a] and, if a is not free in M, /j,a(a M) -^> & M. 
It would be interesting to extend our proofs to these reductions. The rule 6 
causes no problem since it is strongly normalizing and it is easy to see that this 
rule can be postponed (i.e. if M -^* p ^ pe Mi then M -^* fj ^ p M 2 M x for 
some M2). However it is not the same for the rule p which cannot be postponed. 
Moreover a basic property (if M[a — s N] >* fif3P, then M >* n(3Q for some Q 
such that Q[a = s N] >* P) used in the proofs is no more true if the p-rule is 
used. It seems that, in this case, the /j, can only come either from M or from N 
i.e. without deep interaction between M and and thus that our proofs can 
be extended to this case but, due to the lack of time, we have not been able to 
check the details. 

— We believe that our technique, will allow to give explicit bounds for the length 
of the reductions of a typed term. This is a goal we will try to manage. 
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